SharpSniper – Find Specific Users In Active Directory Via Their Username And Logon IP Address

Often a Red Team engagement is more than just achieving Domain Admin. Some clients will want to see if specific users in the domain can be compromised, for example the CEO. SharpSniper is a simple tool to find the IP address of these users so that you can target their box. It requires that youRead More

Dora – Find Exposed API Keys Based On RegEx And Get Exploitation Methods For Some Of Keys That Are Found

Features Blazing fast as we are using ripgrep in backend Exploit/PoC steps for many of the API key, allowing to write a good report for bug bounty hunting Unlike many other API key finders, dora also shows the path to the file and the line with context for easier analysis Can easily be implemented intoRead More

Wholeaked – A File-Sharing Tool That Allows You To Find The Responsible Person In Case Of A Leakage

wholeaked is a file-sharing tool that allows you to find the responsible person in case of a leakage. It’s written in Go. How? wholeaked gets the file that will be shared and a list of recipients. It creates a unique signature for each recipient and adds it to the file secretly. After then, it canRead More

Master_Librarian – A Simple Tool To Audit Unix/*BSD/Linux System Libraries To Find Public Security Vulnerabilities

A simple tool to audit Unix/*BSD/Linux system libraries to find public security vulnerabilities. To install requirements: $ sudo python3 -m pip install -r requirements.txt Overview: vulnerabilities on local libraries by CoolerVoid Example: $ python3 -t csv $ python3 -t txt -l 3 usage: [-h] -t TYPES [-l LIMIT] optional arguments: -h, –helpRead More

Ocr-Recon – Tool To Find A Particular String In A List Of URLs Using Tesseract’S OCR (Optical Character Recognition) Capabilities

This tool is useful to find a particular string in a list of URLs using tesseract’s OCR (Optical Character Recognition) capabilities. Usage Usage: python3 listwithURLs stringtosearch Download Ocr-Recon

Scylla – The Simplistic Information Gathering Engine | Find Advanced Information On A Username, Website, Phone Number, Etc

Notice For Deprecation This project is no longer being worked on by the developer. As of today, the program has many flaws and is not up to modern OSINT standards. A lot of APIs utilized within Scylla are no longer working as they did when the project was first released. The developer wrote Scylla outRead More

SSRFire – An Automated SSRF Finder. Just Give The Domain Name And Your Server And Chill! Also Has Options To Find XSS And Open Redirects

An automated SSRF finder. Just give the domain name and your server and chill! 😉 It also has options to find XSS and open redirects. Syntax ./ -d -s -f custom_file.txt -c cookies —> The domain for which you want to test —> Your server which detects SSRF. Eg. Burp collaboratorRead More

Njsscan – A Semantic Aware SAST Tool That Can Find Insecure Code Patterns In Your Node.js Applications

njsscan is a static application testing (SAST) tool that can find insecure code patterns in your node.js applications using simple pattern matcher from libsast and syntax-aware semantic code pattern search tool semgrep. Installation pip install njsscan Requires Python 3.6+ and supports only Mac and Linux Command Line Options $ njsscanusage: njsscan [-h] [–json] [–sarif] [–sonarqube]Read More

Snaffler – A Tool For Pentesters To Help Find Delicious Candy

Snaffler is a tool for pentesters to help find delicious candy needles (creds mostly, but it’s flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment). It might also be useful for other people doing other stuff, but it is explicitly NOT meant to be an “audit” tool. I don’t want to readRead More